Solved

how to block my lan to surf adult site?

Posted on 2004-10-28
1,190 Views
Last Modified: 2012-08-13
I have a Linux router... on my Linux router I have Snort and a firewall script... my second NIC is connected to a switch, and then from the switch to my LAN... so I want, if one of the clients in the LAN types something in the web browser such as XXX, the page to be replaced with a page that I create myself... is that possible?
0
Question by:operation1612
    7 Comments
     
    LVL 6

    Expert Comment

    by:blkline
    What you want to do is install a proxy.  Check out "squid" at

    http://www.squid-cache.org
    0
     

    Author Comment

    by:operation1612
    You mean install a proxy on my gateway?... That means I will have to open a port for the proxy?...
    0
     

    Author Comment

    by:operation1612
    At least I don't want any other port to be open on my Linux router... unless there is no other choice... thanks
    0
     
    LVL 6

    Expert Comment

    by:blkline
    Squid is a proxy that you can install in the same box.  What you can do is intercept http requests coming from the inside network, look at what is being requested and then reply appropriately.  

    There doesn't have to be any additional ports open from the outside to accomplish this (or the inside either, for that matter).
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    Install Squid (or whatever proxy you like), then use iptables to redirect any outbound traffic to Squid, ready.
    0
     

    Accepted Solution

    by:
    I run DansGuardian on top of Squid as a content filter system like so:

    user -> dansguardian:3128  -> (good) squid:80 -> Internet
                          |
                          V
                       (bad) blocked page that I crafted from the available template

    Follow that up with iptables to block direct connect and use the squidguard ruleset that very easily integrates with DansGuardian and you have a pretty darn good content filter system.

    Alternatively, you can leave the squid off (i.e. no caching) and simply just use dansguardian as a filter.
    0
     

    Expert Comment

    by:Peeyush_Maurya
    DansGuardian is definitely good, but sometimes it slows down the internet speed...

    Use Squid and its ACLs.
    Go through this link and you can block any site for some users and allow it for others... through this you can do anything you want in a proxy server... Squid alone is very powerful...
    http://www.linux-faqs.com/Forum/viewtopic.php?t=28
    0
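The filtering step the answers above describe (look at the requested URL, then send blocked sites to a page of your own) can be sketched as a small Squid URL-rewrite helper. This is an added example, not code from the thread or from squidGuard or DansGuardian; the block-page URL and blocklist entries are constructed, and the reply syntax assumes Squid 3.4 or later.

```python
#!/usr/bin/env python3
"""Minimal Squid url_rewrite_program helper: redirect blocked domains to a local page."""
import sys
from urllib.parse import urlsplit

# Assumptions (not from the thread): constructed block-page URL and blocklist.
BLOCK_PAGE = "http://192.168.0.1/blocked.html"
BLOCKLIST = {"adult.example", "xxx.example.net"}


def host_of(url):
    """Return the lowercase host of an http URL or a CONNECT-style host:port."""
    if "://" not in url:
        url = "//" + url  # CONNECT requests arrive as bare host:port
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return ""
    return host.rstrip(".").lower()  # "adult.example." is the same name


def is_blocked(host, blocklist=BLOCKLIST):
    """Match the host or any parent domain: www.adult.example hits
    adult.example, but notadult.example does not (no substring matching)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def handle_line(line):
    """Return the helper reply for one request line sent by Squid."""
    fields = line.split()
    if not fields:
        return "BH"  # helper could not parse the request
    channel = ""
    if fields[0].isdigit() and len(fields) > 1:  # concurrency channel-ID prefix
        channel, fields = fields[0] + " ", fields[1:]
    if is_blocked(host_of(fields[0])):
        return f'{channel}OK status=302 url="{BLOCK_PAGE}"'
    return channel + "ERR"  # ERR tells Squid to leave the URL unchanged


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits on each reply, so never buffer


if __name__ == "__main__":
    main()
```

Squid starts such a helper through its `url_rewrite_program` directive; the helper listens on no port of its own, so it adds nothing to the router's exposed surface.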
